Azure · MariusStorhaug · Mar 8, 2022 · Mar 4, 2022 · Mar 5, 2022 · Mar 5, 2022
@@ -44,6 +44,7 @@ stages:
           deploymentBlocks:
             - path: $(modulePath)/.parameters/parameters.json
             - path: $(modulePath)/.parameters/min.parameters.json
+            - path: $(modulePath)/.parameters/internal.parameters.json
 
   - stage: Publishing
     displayName: Publish module

@@ -884,3 +884,18 @@ stages:
             - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json
               templateFilePath: $(templateFilePath)
               displayName: Default Virtual Machine
+
+  - stage: deploy_lb
+    displayName: Deploy load balancers
+    dependsOn:
+      - deploy_vnet
+    variables:
+      resourceType: 'Microsoft.Network/loadBalancers'
+      templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml
+        parameters:
+          deploymentBlocks:
+            - path: $(dependencyPath)/$(resourceType)/parameters/internal.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Deploy module
@@ -81,7 +81,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        parameterFilePaths: ['min.parameters.json', 'parameters.json']
+        parameterFilePaths: ['min.parameters.json', 'parameters.json', 'internal.parameters.json']
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v2

@@ -1265,3 +1265,30 @@ jobs:
           subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
           managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
           removeDeployment: '${{ env.removeDeployment }}'
+
+  job_deploy_lb:
+    runs-on: ubuntu-20.04
+    name: 'Deploy load balancers'
+    env:
+      namespace: 'Microsoft.Network\loadBalancers'
+    needs:
+      - job_deploy_vnet
+    strategy:
+      fail-fast: false
+      matrix:
+        parameterFilePaths: ['internal.parameters.json']
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: 'Deploy module'
+        uses: ./.github/actions/templates/validateModuleDeployment
+        with:
+          templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep'
+          parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}'
+          location: '${{ env.defaultLocation }}'
+          resourceGroupName: '${{ env.defaultResourceGroupName }}'
+          subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+          managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+          removeDeployment: '${{ env.removeDeployment }}'
@@ -0,0 +1,101 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>-az-lb-internal-001"
+        },
+        "loadBalancerSku": {
+            "value": "Standard"
+        },
+        "frontendIPConfigurations": {
+            "value": [
+                {
+                    "name": "privateIPConfig1",
+                    "subnetId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-001"
+                }
+            ]
+        },
+        "backendAddressPools": {
+            "value": [
+                {
+                    "name": "servers"
+                }
+            ]
+        },
+        "probes": {
+            "value": [
+                {
+                    "name": "probe1",
+                    "protocol": "Tcp",
+                    "port": "62000",
+                    "intervalInSeconds": 5,
+                    "numberOfProbes": 2
+                }
+            ]
+        },
+        "loadBalancingRules": {
+            "value": [
+                {
+                    "name": "privateIPLBRule1",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 0,
+                    "backendPort": 0,
+                    "enableFloatingIP": true,
+                    "idleTimeoutInMinutes": 4,
+                    "protocol": "All",
+                    "loadDistribution": "Default",
+                    "probeName": "probe1",
+                    "disableOutboundSnat": true,
+                    "enableTcpReset": false,
+                    "backendAddressPoolName": "servers"
+                }
+            ]
+        },
+        "inboundNatRules": {
+            "value": [
+                {
+                    "name": "inboundNatRule1",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 443,
+                    "backendPort": 443,
+                    "enableFloatingIP": false,
+                    "idleTimeoutInMinutes": 4,
+                    "protocol": "Tcp",
+                    "enableTcpReset": false
+                },
+                {
+                    "name": "inboundNatRule2",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 3389,
+                    "backendPort": 3389
+                }
+            ]
+        },
+        "roleAssignments": {
+            "value": [
+                {
+                    "roleDefinitionIdOrName": "Reader",
+                    "principalIds": [
+                        "<<deploymentSpId>>"
+                    ]
+                }
+            ]
+        },
+        "diagnosticLogsRetentionInDays": {
+            "value": 7
+        },
+        "diagnosticStorageAccountId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+        },
+        "diagnosticWorkspaceId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001"
+        },
+        "diagnosticEventHubAuthorizationRuleId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+        },
+        "diagnosticEventHubName": {
+            "value": "adp-<<namePrefix>>-az-evh-x-001"
+        }
+    }
+}
@@ -9,9 +9,7 @@
             "value": [
                 {
                     "name": "publicIPConfig1",
-                    "publicIPAddressId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<<namePrefix>>-az-pip-min-lb",
-                    "subnetId": "",
-                    "privateIPAddress": ""
+                    "publicIPAddressId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<<namePrefix>>-az-pip-min-lb"
                 }
             ]
         }

@@ -9,9 +9,7 @@
             "value": [
                 {
                     "name": "publicIPConfig1",
-                    "publicIPAddressId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<<namePrefix>>-az-pip-x-lb",
-                    "subnetId": "",
-                    "privateIPAddress": ""
+                    "publicIPAddressId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<<namePrefix>>-az-pip-x-lb"
                 }
             ]
         },

@@ -64,24 +64,24 @@ param inboundNatRules array = []
 @description('Optional. The outbound rules.')
 param outboundRules array = []
 
-var frontendsSubnets = [for item in frontendIPConfigurations: {
-  id: item.subnetId
-}]
-var frontendsPublicIPAddresses = [for item in frontendIPConfigurations: {
-  id: item.publicIPAddressId
-}]
-var frontendsObj = {
-  subnets: frontendsSubnets
-  publicIPAddresses: frontendsPublicIPAddresses
-}
-
 var frontendIPConfigurations_var = [for (frontendIPConfiguration, index) in frontendIPConfigurations: {
   name: frontendIPConfiguration.name
   properties: {
-    subnet: !empty(frontendIPConfiguration.subnetId) ? frontendsObj.subnets[index] : null
-    publicIPAddress: !empty(frontendIPConfiguration.publicIPAddressId) ? frontendsObj.publicIPAddresses[index] : null
-    privateIPAddress: !empty(frontendIPConfiguration.privateIPAddress) ? frontendIPConfiguration.privateIPAddress : null
-    privateIPAllocationMethod: !empty(frontendIPConfiguration.subnetId) ? (empty(frontendIPConfiguration.privateIPAddress) ? 'Dynamic' : 'Static') : null
+    subnet: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId) ? {
+        id: frontendIPConfiguration.subnetId
+    } : null
+    publicIPAddress: contains(frontendIPConfiguration, 'publicIPAddressId') && !empty(frontendIPConfiguration.publicIPAddressId) ? {
+        id: frontendIPConfiguration.publicIPAddressId
+    } : null
+    privateIPAddress: contains(frontendIPConfiguration, 'privateIPAddress') && !empty(frontendIPConfiguration.privateIPAddress) ? frontendIPConfiguration.privateIPAddress : null
+    privateIPAddressVersion: contains(frontendIPConfiguration, 'privateIPAddressVersion') ? frontendIPConfiguration.privateIPAddressVersion : 'IPv4'
+    privateIPAllocationMethod: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId) ? (contains(frontendIPConfiguration, 'privateIPAddress') ? 'Static' : 'Dynamic') : null
+    gatewayLoadBalancer: contains(frontendIPConfiguration, 'gatewayLoadBalancer') && !empty(frontendIPConfiguration.gatewayLoadBalancer) ? {
+      id: frontendIPConfiguration.gatewayLoadBalancer
+    } : null
+    publicIPPrefix: contains(frontendIPConfiguration, 'publicIPPrefix') && !empty(frontendIPConfiguration.publicIPPrefix) ? {
+      id: frontendIPConfiguration.publicIPPrefix
+    } : null
   }
 }]
 
@@ -130,13 +130,17 @@ var probes_var = [for probe in probes: {
   name: probe.name
   properties: {
     protocol: contains(probe, 'protocol') ? probe.protocol : 'Tcp'
-    requestPath: (contains(probe, 'protocol') && toLower(probe.protocol) == 'tcp') ? null : probe.requestPath
+    requestPath: toLower(probe.protocol) != 'tcp' ? probe.requestPath : null
     port: contains(probe, 'port') ? probe.port : 80
     intervalInSeconds: contains(probe, 'intervalInSeconds') ? probe.intervalInSeconds : 5
     numberOfProbes: contains(probe, 'numberOfProbes') ? probe.numberOfProbes : 2
   }
 }]
 
+var backendAddressPoolNames = [for backendAddressPool in backendAddressPools: {
+  name: backendAddressPool.name
+}]
+
 @description('Optional. The name of metrics that will be streamed.')
 @allowed([
   'AllMetrics'
@@ -169,20 +173,20 @@ resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' = {
   }
   properties: {
     frontendIPConfigurations: frontendIPConfigurations_var
-    backendAddressPools: backendAddressPools
     loadBalancingRules: loadBalancingRules_var
+    backendAddressPools: backendAddressPoolNames
     outboundRules: outboundRules_var
     probes: probes_var
   }
 }
 
 module loadBalancer_backendAddressPools 'backendAddressPools/deploy.bicep' = [for (backendAddressPool, index) in backendAddressPools: {
-  name: '${uniqueString(deployment().name, location)}-LoadBalancer-backendAddressPools-${index}'
+  name: '${uniqueString(deployment().name, location)}-loadBalancer-backendAddressPools-${index}'
   params: {
     loadBalancerName: loadBalancer.name
     name: backendAddressPool.name
-    loadBalancerBackendAddresses: contains(backendAddressPool, 'loadBalancerBackendAddresses') ? backendAddressPool.loadBalancerBackendAddresses : []
-    tunnelInterfaces: contains(backendAddressPool, 'tunnelInterfaces') ? backendAddressPool.tunnelInterfaces : []
+    tunnelInterfaces: contains(backendAddressPool, 'tunnelInterfaces') && !empty(backendAddressPool.tunnelInterfaces) ? backendAddressPool.tunnelInterfaces : []
+    loadBalancerBackendAddresses: contains(backendAddressPool, 'loadBalancerBackendAddresses') && !empty(backendAddressPool.loadBalancerBackendAddresses) ? backendAddressPool.loadBalancerBackendAddresses : []
   }
 }]
 
@@ -245,3 +249,6 @@ output resourceId string = loadBalancer.id
 
 @description('The resource group the load balancer was deployed into')
 output resourceGroupName string = resourceGroup().name
+
+@description('The backend address pools available in the load balancer.')
+output backendpools array = loadBalancer.properties.backendAddressPools
@@ -210,6 +210,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a
 
 | Output Name | Type | Description |
 | :-- | :-- | :-- |
+| `backendpools` | array | The backend address pools available in the load balancer. |
 | `name` | string | The name of the load balancer |
 | `resourceGroupName` | string | The resource group the load balancer was deployed into |
 | `resourceId` | string | The resource ID of the load balancer |

@@ -0,0 +1,76 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "adp-<<namePrefix>>-az-lb-internal-001"
+        },
+        "loadBalancerSku": {
+            "value": "Standard"
+        },
+        "frontendIPConfigurations": {
+            "value": [
+                {
+                    "name": "privateIPConfig1",
+                    "subnetId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-001"
+                }
+            ]
+        },
+        "backendAddressPools": {
+            "value": [
+                {
+                    "name": "servers"
+                }
+            ]
+        },
+        "probes": {
+            "value": [
+                {
+                    "name": "probe1",
+                    "protocol": "Tcp",
+                    "port": "62000",
+                    "intervalInSeconds": 5,
+                    "numberOfProbes": 2
+                }
+            ]
+        },
+        "loadBalancingRules": {
+            "value": [
+                {
+                    "name": "privateIPLBRule1",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 0,
+                    "backendPort": 0,
+                    "enableFloatingIP": true,
+                    "idleTimeoutInMinutes": 4,
+                    "protocol": "All",
+                    "loadDistribution": "Default",
+                    "probeName": "probe1",
+                    "disableOutboundSnat": true,
+                    "enableTcpReset": false,
+                    "backendAddressPoolName": "servers"
+                }
+            ]
+        },
+        "inboundNatRules": {
+            "value": [
+                {
+                    "name": "inboundNatRule1",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 443,
+                    "backendPort": 443,
+                    "enableFloatingIP": false,
+                    "idleTimeoutInMinutes": 4,
+                    "protocol": "Tcp",
+                    "enableTcpReset": false
+                },
+                {
+                    "name": "inboundNatRule2",
+                    "frontendIPConfigurationName": "privateIPConfig1",
+                    "frontendPort": 3389,
+                    "backendPort": 3389
+                }
+            ]
+        }
+    }
+}